Researchers have uncovered a vulnerability in Cursor AI.

Researchers uncovered a vulnerability chain in Cursor AI that allowed attackers to hijack developer machines through indirect prompt injection hidden in malicious repositories. The exploit combined a sandbox bypass with Cursor’s remote tunnel feature, enabling attackers to gain shell access without user interaction beyond opening the repository. Because the exploited binary was legitimate and notarized, attackers could achieve full filesystem access on macOS systems.

Read more:

https://www.securityweek.com/cursor-ai-vulnerability-exposed-developer-devices/